TechSpot

Antivirus pro 2006; WinSpyProtect; Bifrost all on previously clean machine

By pot1234Dreadlox
Jun 19, 2012
  1. Broni - me again! The first machine you helped us with came up with a warning about the above this morning....I can think of a few choice words about how I feel... Total Defense picked them up and quarantined them.... 3 times ... so much for getting rid of them... I have done the standard logs and will post them. All computers are off-line and I am posting this on a clean non-networked machine. Once again (wow) thanks in advance!! :):)
    Just had a thought - the infected machine runs XP emulation under W7 professional...should we uninstall it???


    MalwareBytes log
    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.18.03
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    User :: NORTH [administrator]
    Protection: Enabled
    18/06/2012 19:25:50
    mbam-log-2012-06-18 (19-25-50).txt
    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 967769
    Time elapsed: 6 hour(s), 55 minute(s), 27 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    GMER log - BTW, it didn't have all the boxes checked...they were greyed out....

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-19 13:46:43
    Windows 6.1.7601 Service Pack 1
    Running: pu82zy4i.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002683122326
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002683122326 (not active ControlSet)
    ---- Files - GMER 1.0.15 ----
    File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\2levac.gif 1702 bytes
    File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\banpapers.gif 5468 bytes
    File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\contacts.gif 867 bytes
    File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\ifla1.gif 3470 bytes
    File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\search.gif 991 bytes
    File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\spacer.gif 828 bytes
    ---- EOF - GMER 1.0.15 ----
     
  2. pot1234Dreadlox


    DDS Log

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by User at 13:47:41 on 2012-06-19
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6121.3693 [GMT 8:00]
    .
    AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
    SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Total Defense Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files (x86)\CA\PCPitstopScheduleService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\CNAC9SWK.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Total Defense Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Total Defense Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
    TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    LSP: C:\Windows\system32\VetRedir.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 10.1.1.1
    TCP: Interfaces\{510B9C32-66D5-463C-B827-A032DE239661} : DhcpNameServer = 10.1.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    Notify: PFW - UmxWnp.Dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KmxAMRT;KmxAMRT;C:\Windows\system32\DRIVERS\KmxAMRT.sys --> C:\Windows\system32\DRIVERS\KmxAMRT.sys [?]
    R0 KmxFw;KmxFw;C:\Windows\system32\DRIVERS\kmxfw.sys --> C:\Windows\system32\DRIVERS\kmxfw.sys [?]
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys --> C:\Windows\system32\DRIVERS\kmxagent.sys [?]
    R1 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys --> C:\Windows\system32\DRIVERS\kmxcfg.sys [?]
    R1 KmxFile;KmxFile;C:\Windows\system32\DRIVERS\KmxFile.sys --> C:\Windows\system32\DRIVERS\KmxFile.sys [?]
    R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\system32\DRIVERS\KmxFilter.sys --> C:\Windows\system32\DRIVERS\KmxFilter.sys [?]
    R2 CAAMSvc;CAAMSvc;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe [2011-8-19 291656]
    R2 CAISafe;CAISafe;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2011-8-19 312656]
    R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2012-3-7 287280]
    R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-9-5 210024]
    R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-6-11 107848]
    R2 KmxCF;KmxCF;C:\Windows\system32\DRIVERS\KmxCF.sys --> C:\Windows\system32\DRIVERS\KmxCF.sys [?]
    R2 KmxSbx;KmxSbx;C:\Windows\system32\DRIVERS\KmxSbx.sys --> C:\Windows\system32\DRIVERS\KmxSbx.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-14 654408]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [2011-9-5 90864]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
    R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
    S3 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 ExtremeVSSService;Extreme VSS Service;C:\Program Files (x86)\SuperFlexible\ExtremeVSS.exe [2012-6-14 3196800]
    S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-19 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-19 136176]
    S3 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
    S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S3 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2011-8-19 263504]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    .
    =============== Created Last 30 ================
    .
    2012-06-18 21:40:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6E08CF5-BA72-4CFE-A7AD-28286F374FEC}\offreg.dll
    2012-06-15 07:15:02 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6E08CF5-BA72-4CFE-A7AD-28286F374FEC}\mpengine.dll
    2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-06-14 09:15:12 -------- d-----w- C:\Users\User\AppData\Local\Secunia PSI
    2012-06-14 09:15:00 -------- d-----w- C:\Program Files (x86)\Secunia
    2012-06-14 07:39:15 -------- d-----w- C:\Program Files\WOT
    2012-06-14 07:39:15 -------- d-----w- C:\Program Files (x86)\WOT
    2012-06-14 07:35:45 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-14 07:35:45 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-13 15:27:42 -------- d-----w- C:\Program Files (x86)\ESET
    2012-06-13 15:03:44 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-06-13 15:01:31 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-06-13 14:54:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 14:54:24 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-13 14:54:24 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 14:54:08 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-13 14:54:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-13 14:54:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 14:54:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 14:53:59 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 14:53:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-13 14:53:55 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-13 14:53:50 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 14:53:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-13 14:53:40 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-13 14:53:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 14:53:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-13 14:53:40 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-13 14:53:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-11 19:10:36 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-06-11 19:06:31 16712 ----a-w- C:\Windows\System32\drivers\PROCEXP113.SYS
    2012-06-11 05:27:41 -------- d-----w- C:\Application Data
    2012-06-10 18:34:47 -------- d-----w- C:\Program Files\HitmanPro
    2012-06-10 18:12:54 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2012-06-10 18:00:26 -------- d-----w- C:\ProgramData\HitmanPro
    2012-06-10 17:13:16 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
    2012-06-10 17:13:15 -------- d-----w- C:\Program Files\Prevx
    2012-06-10 17:12:27 237072 ------w- C:\Windows\SysWow64\MpSigStub.exe
    2012-06-10 17:12:16 -------- d-----w- C:\ProgramData\PrevxCSI
    2012-06-08 11:05:54 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
    2012-06-08 11:05:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-08 11:05:51 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-08 11:05:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-08 11:03:32 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-08 10:48:05 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-06-08 10:20:01 -------- d-----w- C:\ProgramData\B7E858A7000083BB00006F7BB4EB2331
    2012-06-05 03:06:22 -------- d-----w- C:\Users\User\AppData\Roaming\MyPublisher
    2012-06-05 03:06:22 -------- d-----w- C:\Program Files (x86)\MyPublisher
    2012-06-01 09:12:29 -------- d-----w- C:\Program Files (x86)\Timios
    2012-06-01 04:32:28 -------- d-----w- C:\Users\User\.RationalPlan
    2012-05-25 03:14:14 -------- d-----w- C:\ProgramData\AMD
    2012-05-25 03:14:13 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2012-05-25 03:14:05 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-05-25 03:06:47 -------- d-----w- C:\AMD
    2012-05-21 07:47:50 -------- d-----w- C:\ProgramData\Licenses
    2012-05-21 07:47:49 -------- d-----w- C:\Program Files\Classic Menu for Office 2010
    .
    ==================== Find3M ====================
    .
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-05 09:51:46 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-18 12:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 12:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
    2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-04-05 14:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-04-05 14:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-04-05 14:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-04-05 14:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-04-05 14:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-04-05 14:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-04-05 14:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-04-05 14:32:08 54784 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-04-05 14:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-27 09:03:36 4015592 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2012-03-21 07:55:16 2886656 ----a-w- C:\Windows\System32\RCoRes64.dat
    .
    ============= FINISH: 13:49:12.95 ===============

    Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/08/2011 11:06:05
    System Uptime: 18/06/2012 15:32:26 (22 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8P67
    Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | LGA1155 | 3101/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1863 GiB total, 956.765 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 931 GiB total, 806.823 GiB free.
    G: is FIXED (NTFS) - 298 GiB total, 170.36 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&87D54EE&0&00E5
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&87D54EE&0&00E5
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Master Collection
    Adobe Digital Editions
    Adobe Story
    Adobe Widget Browser
    Aiseesoft iPad 2 to Computer Transfer Ultimate 6.1.26
    Aiseesoft iPad Converter Suite
    Apple Application Support
    Apple Software Update
    AVI Splitter
    Backup and Migration
    BookCAT
    CA PC Tune-Up 3.0.0.2
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DNAMigrator
    Dropbox
    EndNote 9.0.1 Volume License Edition
    EndNote X3
    ESET Online Scanner v3
    Google Book Downloader
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GooReader
    HandBrake 0.9.5
    Intel(R) Management Engine Components
    Intel(R) Processor ID Utility
    Java Auto Updater
    Java(TM) 6 Update 30
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    marvell 91xx console driver
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Edition 2003
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nikon Scan
    Parental Controls
    PDF Settings CS5
    PxMergeModule
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    ResearchSoft Direct Export Helper
    Secunia PSI (2.0.0.4003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.9
    Super Flexible File Synchronizer 5.56a
    Sweet Home 3D version 3.4
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/06/2012 23:55:45, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    15/06/2012 23:55:45, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    15/06/2012 23:55:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    15/06/2012 19:51:11, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    15/06/2012 11:56:13, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    14/06/2012 20:03:58, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    14/06/2012 18:29:31, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user NORTH\User SID (S-1-5-21-2889345744-3964579421-1802933252-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    14/06/2012 18:29:31, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user NORTH\User SID (S-1-5-21-2889345744-3964579421-1802933252-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    14/06/2012 15:17:13, Error: Service Control Manager [7034] - The PCPitstop Scheduling service terminated unexpectedly. It has done this 1 time(s).
    13/06/2012 22:36:39, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    12/06/2012 02:58:02, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    12/06/2012 02:55:59, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/06/2012 02:54:29, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/06/2012 02:48:49, Error: Service Control Manager [7034] - The PEVSystemStart service terminated unexpectedly. It has done this 1 time(s).
    12/06/2012 02:37:24, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:32:19, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    12/06/2012 02:32:19, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    12/06/2012 02:25:15, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/06/2012 02:25:14, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/06/2012 02:25:12, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/06/2012 02:17:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    12/06/2012 02:12:06, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    12/06/2012 02:12:06, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/06/2012 02:12:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
    12/06/2012 02:10:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    12/06/2012 02:09:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
    12/06/2012 01:52:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    12/06/2012 01:52:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    12/06/2012 01:49:38, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/06/2012 01:48:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/06/2012 01:48:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/06/2012 01:48:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/06/2012 01:48:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/06/2012 01:48:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent KmxCfg KmxFile KmxFilter KmxFw spldr vpcvmm Wanarpv6
    12/06/2012 01:48:21, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    .
    ==== End Of File ===========================
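The "Event Viewer Messages From Past Week" block in the attach log above is a flat list of lines in the shape `DD/MM/YYYY HH:MM:SS, Level: Source [EventID] - message`, which is tedious to read by eye when dozens of services are listed as terminating at the same second. As an added example that is not part of the thread or of the DDS tool, the script below parses that line format, counts Service Control Manager unexpected-termination events (ids 7031 and 7034) per service, and pulls the driver names out of a 7026 "boot-start driver(s) failed to load" entry. The sample lines are constructed to match the format shown in the log; the regexes and helper names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Line format used by the DDS "Event Viewer Messages" section:
#   DD/MM/YYYY HH:MM:SS, Level: Source [EventID] - message
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Well-known Service Control Manager event ids (not page-specific values).
SCM_UNEXPECTED_TERMINATION = {7031, 7034}   # service terminated unexpectedly
SCM_BOOT_DRIVER_FAILED = 7026               # boot/system-start driver failed to load

SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
DRIVERS_RE = re.compile(r"failed to load: (?P<drivers>.+)$")


@dataclass
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_event(line):
    """Return an Event for one DDS event line, or None if the line is not an event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return Event(
        when=datetime.strptime(m.group("date"), "%d/%m/%Y %H:%M:%S"),
        level=m.group("level"),
        source=m.group("source"),
        event_id=int(m.group("event_id")),
        message=m.group("message"),
    )


def parse_events(text):
    """Parse every event line in a block of text, skipping anything else."""
    return [e for e in (parse_event(l) for l in text.splitlines()) if e]


def triage(events):
    """Summarise SCM terminations per service and drivers that failed to load."""
    by_id = Counter()
    terminated = Counter()
    failed_drivers = set()
    for e in events:
        by_id[e.event_id] += 1
        if e.source != "Service Control Manager":
            continue
        if e.event_id in SCM_UNEXPECTED_TERMINATION:
            m = SERVICE_RE.match(e.message)
            if m:
                terminated[m.group("svc")] += 1
        elif e.event_id == SCM_BOOT_DRIVER_FAILED:
            m = DRIVERS_RE.search(e.message)
            if m:
                failed_drivers.update(m.group("drivers").split())
    return {"by_id": by_id, "terminated": terminated, "failed_drivers": failed_drivers}


# Constructed sample in the same format as the attach log (subset, not the full log).
SAMPLE = """\
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 01:48:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent KmxCfg KmxFile KmxFilter KmxFw spldr vpcvmm Wanarpv6
15/06/2012 19:51:11, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
this line is not an event and is skipped
"""

if __name__ == "__main__":
    summary = triage(parse_events(SAMPLE))
    for svc, n in summary["terminated"].most_common():
        print(f"{n}x unexpected termination: {svc}")
    print("drivers that failed to load:", sorted(summary["failed_drivers"]))
```

A burst of 7031/7034 events for core services (Windows Update, Task Scheduler, User Profile Service) at one timestamp usually points at a single process dying rather than many independent faults, and a 7026 list is the quickest place to see which third-party drivers (here the Kmx* family) are registered but failing to load; both are worth checking before and after a cleanup run.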
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    What are the current issues?

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Will go and do this now.
    Issues: Antivirus pro 2006; WinSpyProtect; Bifrost were all being detected by Total Defense....
    It took ages to remove Total Defense before using the app remover....over 12 hours, so it might take me a while to get back on this post. :(
    Will need some advice as to how to reinstall Total Defense if you can give it.....:confused:
    Thank you for all your help, Broni...it is really great.... DL
     
  5. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Whoops! Had a blue screen of death during uninstall but have rebooted and uninstall of CA has completed. Will post ComboFix logs etc. as soon as done.
     
  6. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Here is the ComboFix log
    - DL

    ComboFix 12-06-19.03 - User 20/06/2012 14:22:35.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6121.4818 [GMT 8:00]
    Running from: c:\users\User\Desktop\broni-north\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\etc\hosts.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-20 06:25 . 2012-06-20 06:25 -------- d-----w- c:\users\User\AppData\Local\temp
    2012-06-20 06:25 . 2012-06-20 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-18 14:10 . 2012-06-18 14:10 -------- d-----w- c:\users\Public\EmailTransfer
    2012-06-15 07:15 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6E08CF5-BA72-4CFE-A7AD-28286F374FEC}\mpengine.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-06-15 03:42 . 2012-06-15 03:42 -------- d-----w- c:\program files (x86)\QuickTime
    2012-06-14 12:07 . 2012-06-14 12:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-14 09:15 . 2012-06-14 09:15 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
    2012-06-14 09:15 . 2012-06-14 09:15 -------- d-----w- c:\program files (x86)\Secunia
    2012-06-14 07:39 . 2012-06-14 07:39 -------- d-----w- c:\program files\WOT
    2012-06-14 07:39 . 2012-06-14 07:39 -------- d-----w- c:\program files (x86)\WOT
    2012-06-14 07:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-14 07:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-06-13 15:27 . 2012-06-13 15:27 -------- d-----w- c:\program files (x86)\ESET
    2012-06-13 15:04 . 2012-06-13 15:04 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-13 15:03 . 2012-06-13 15:03 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-13 15:01 . 2012-05-04 11:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-13 14:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 14:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 14:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 14:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 14:54 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 14:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 14:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 14:53 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 14:53 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 14:53 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 14:53 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 14:53 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 14:53 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 14:53 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 14:53 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 14:53 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 14:53 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-11 05:27 . 2012-06-11 05:27 -------- d-----w- C:\Application Data
    2012-06-10 18:34 . 2012-06-10 18:43 -------- d-----w- c:\program files\HitmanPro
    2012-06-10 18:12 . 2012-06-10 18:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-06-10 18:00 . 2012-06-12 07:21 -------- d-----w- c:\programdata\HitmanPro
    2012-06-10 17:13 . 2012-06-10 17:13 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2012-06-10 17:13 . 2012-06-10 17:13 -------- d-----w- c:\program files\Prevx
    2012-06-10 17:12 . 2012-02-23 02:18 237072 ------w- c:\windows\SysWow64\MpSigStub.exe
    2012-06-10 17:12 . 2012-06-11 09:32 -------- d-----w- c:\programdata\PrevxCSI
    2012-06-08 11:05 . 2012-06-08 11:05 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
    2012-06-08 11:05 . 2012-06-20 05:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-08 11:05 . 2012-06-08 11:05 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-08 11:03 . 2012-06-11 09:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-08 10:48 . 2012-06-08 10:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-08 10:20 . 2012-06-08 10:26 -------- d-----w- c:\programdata\B7E858A7000083BB00006F7BB4EB2331
    2012-06-05 03:06 . 2012-06-05 03:06 -------- d-----w- c:\users\User\AppData\Roaming\MyPublisher
    2012-06-05 03:06 . 2012-06-05 03:06 -------- d-----w- c:\program files (x86)\MyPublisher
    2012-06-01 04:32 . 2012-06-01 07:12 -------- d-----w- c:\users\User\.RationalPlan
    2012-05-25 03:14 . 2012-05-25 03:14 -------- d-----w- c:\programdata\ATI
    2012-05-25 03:14 . 2012-05-25 03:14 -------- d-----w- c:\programdata\AMD
    2012-05-25 03:14 . 2012-05-25 03:14 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-05-25 03:14 . 2012-05-25 03:14 -------- d-----w- c:\program files (x86)\AMD APP
    2012-05-25 03:06 . 2012-05-25 03:06 -------- d-----w- C:\AMD
    2012-05-21 07:47 . 2012-05-21 07:47 -------- d-----w- c:\programdata\Licenses
    2012-05-21 07:47 . 2012-05-21 07:47 -------- d-----w- c:\program files\Classic Menu for Office 2010
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 09:51 . 2012-04-14 03:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:29 . 2011-09-14 12:05 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2011-12-23 14:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2011-12-23 14:21 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-08-05 06:37 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2012-04-06 01:54 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2011-12-23 14:21 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2011-12-23 14:21 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2011-04-05 13:20 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2011-12-23 14:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2011-04-19 17:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2011-12-23 14:21 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-04-05 14:34 . 2012-04-05 14:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-05 14:34 . 2012-04-05 14:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-05 14:34 . 2012-04-05 14:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-05 14:33 . 2012-04-05 14:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-05 14:33 . 2012-04-05 14:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-05 14:33 . 2012-04-05 14:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-05 14:32 . 2012-04-05 14:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-04-05 14:32 . 2012-04-05 14:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-04-05 14:32 . 2012-04-05 14:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-03-30 11:35 . 2012-05-10 09:53 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00001YSISyncComplete]
    @="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
    [HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
    2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00002YSISyncActive]
    @="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
    [HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
    2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00003YSISyncError]
    @="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
    [HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
    2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2008-09-04 406944]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [x]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
    R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 ExtremeVSSService;Extreme VSS Service;c:\program files (x86)\SuperFlexible\ExtremeVSS.exe [2011-09-20 3196800]
    R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
    R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
    R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    R4 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x]
    R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
    S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-06-10 107848]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00001YSISyncComplete]
    @="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
    [HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
    2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00002YSISyncActive]
    @="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
    [HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
    2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00003YSISyncError]
    @="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
    [HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
    2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
    "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
    "CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2008-09-04 406944]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\windows\system32\VetRedir.dll
    TCP: DhcpNameServer = 10.1.1.1
    DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-OfficeSyncProcess - c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    Notify-PFW - (no file)
    AddRemove-dm - c:\program files\CA\CA Internet Security Suite\caunst.exe
    AddRemove-pc - c:\program files\CA\CA Internet Security Suite\caunst.exe
    AddRemove-{1367D815-EC9F-4e2f-9FB9-E40A075AD19B} - c:\program files\CA\CA Internet Security Suite\caunst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-20 14:26:51
    ComboFix-quarantined-files.txt 2012-06-20 06:26
    .
    Pre-Run: 1,027,275,403,264 bytes free
    Post-Run: 1,027,853,578,240 bytes free
    .
    - - End Of File - - 3F0755EBA87DC862AF755A76ED37CABE
     
  7. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Thought: should we remove the XP virtualisation on this machine?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Why do you want to remove it?

    What files and what location are we talking about, as I don't see anything malicious?
     
  9. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Sorry, Broni, I thought you wanted to know what the original issues were....

    I'll go and see if I can find the targets under CA and let you know... just in case


    I don't want to remove XP, although I don't use it much, but thought that it might be the source of infection as it doesn't have its own antivirus and was being used for web browsing :confused: ....
     
  10. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Broni, CA seems to have disappeared! I have checked and it is not installed, but it gives me an error message if I try to reinstall. The machine's network map says it is connected to the internet, but neither Internet Explorer nor Firefox will open. It seems to be the same problem as the other machine, so I did an FSS log, see attached. Hope that's okay... DL :( Hope we can solve this soon, very frustrating!!

    FSS log
    Farbar Service Scanner Version: 19-06-2012 01
    Ran by User (administrator) on 23-06-2012 at 14:13:58
    Running from "F:\broni-fmbaby"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blokked: Other errors
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    At this point...

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
  12. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Broni, may I reopen this? The computer is now connected to the internet, but when I ran ComboFix and RDKill as advised previously, it came up with the blue screen of death showing KmxAMRT.sys as an imageable instead of a non-imageable... whatever that means. RDKill didn't give me a log, but I did get one from ComboFix, which I will post below; I understand if this needs to be a new thread.... thanks, DL.

    Combofix log
    ComboFix 12-06-26.02 - User 27/06/2012 19:12:46.7.4 - x64 NETWORK
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6121.5368 [GMT 8:00]
    Running from: c:\users\User\Desktop\broni-north\fm.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-27 11:17 . 2012-06-27 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-27 11:06 . 2012-06-27 11:09 -------- d-----w- C:\1c2b833cec5329050a01e056cb
    2012-06-27 11:02 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-27 10:51 . 2012-06-27 10:54 -------- d-----w- c:\program files (x86)\Advanced Fix 2012
    2012-06-27 10:44 . 2012-06-27 11:17 -------- d-----w- c:\users\User\AppData\Local\temp
    2012-06-27 06:01 . 2012-06-27 06:01 2524176 ----a-w- c:\windows\system32\winsflt.dll
    2012-06-27 06:01 . 2012-06-27 06:01 1744912 ----a-w- c:\windows\SysWow64\winsflt.dll
    2012-06-27 06:01 . 2011-06-29 06:23 289296 ----a-w- c:\windows\SysWow64\winsfinst_x64.exe
    2012-06-27 05:46 . 2012-06-27 05:46 -------- d-----w- c:\program files\Total Defense
    2012-06-24 06:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-24 06:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-24 06:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-24 06:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-24 06:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-24 06:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-24 06:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-24 06:02 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-24 06:02 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-23 06:12 . 2012-06-23 06:12 -------- d-----w- c:\users\User\AppData\Local\Mozilla
    2012-06-23 06:12 . 2012-06-23 06:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-06-23 06:10 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102A868C-8AC1-42E9-A013-D6985BFD5558}\mpengine.dll
    2012-06-18 14:10 . 2012-06-18 14:10 -------- d-----w- c:\users\Public\EmailTransfer
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-06-15 03:42 . 2012-06-15 03:42 -------- d-----w- c:\program files (x86)\QuickTime
    2012-06-14 12:07 . 2012-06-14 12:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-14 09:15 . 2012-06-14 09:15 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
    2012-06-14 09:15 . 2012-06-14 09:15 -------- d-----w- c:\program files (x86)\Secunia
    2012-06-14 07:39 . 2012-06-14 07:39 -------- d-----w- c:\program files\WOT
    2012-06-14 07:39 . 2012-06-14 07:39 -------- d-----w- c:\program files (x86)\WOT
    2012-06-14 07:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-14 07:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-06-13 15:27 . 2012-06-13 15:27 -------- d-----w- c:\program files (x86)\ESET
    2012-06-13 15:04 . 2012-06-13 15:04 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-13 15:03 . 2012-06-13 15:03 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-13 15:01 . 2012-05-04 11:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-13 14:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 14:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 14:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 14:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 14:54 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 14:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 14:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 14:53 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 14:53 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 14:53 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 14:53 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 14:53 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 14:53 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 14:53 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 14:53 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 14:53 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 14:53 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-11 05:27 . 2012-06-11 05:27 -------- d-----w- C:\Application Data
    2012-06-10 18:34 . 2012-06-23 06:10 -------- d-----w- c:\program files\HitmanPro
    2012-06-10 18:12 . 2012-06-10 18:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-06-10 18:00 . 2012-06-12 07:21 -------- d-----w- c:\programdata\HitmanPro
    2012-06-10 17:13 . 2012-06-10 17:13 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2012-06-10 17:13 . 2012-06-10 17:13 -------- d-----w- c:\program files\Prevx
    2012-06-10 17:12 . 2012-02-23 02:18 237072 ------w- c:\windows\SysWow64\MpSigStub.exe
    2012-06-10 17:12 . 2012-06-11 09:32 -------- d-----w- c:\programdata\PrevxCSI
    2012-06-08 11:05 . 2012-06-08 11:05 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
    2012-06-08 11:05 . 2012-06-27 11:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-08 11:05 . 2012-06-08 11:05 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-08 11:03 . 2012-06-11 09:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-08 10:48 . 2012-06-08 10:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-08 10:20 . 2012-06-08 10:26 -------- d-----w- c:\programdata\B7E858A7000083BB00006F7BB4EB2331
    2012-06-05 03:06 . 2012-06-05 03:06 -------- d-----w- c:\users\User\AppData\Roaming\MyPublisher
    2012-06-05 03:06 . 2012-06-05 03:06 -------- d-----w- c:\program files (x86)\MyPublisher
    2012-06-01 04:32 . 2012-06-01 07:12 -------- d-----w- c:\users\User\.RationalPlan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 09:51 . 2012-04-14 03:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:29 . 2011-09-14 12:05 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2011-12-23 14:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2011-12-23 14:21 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-08-05 06:37 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2012-04-06 01:54 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2011-12-23 14:21 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2011-12-23 14:21 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2011-04-05 13:20 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2011-12-23 14:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2011-04-19 17:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2011-12-23 14:21 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-04-05 14:34 . 2012-04-05 14:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-05 14:34 . 2012-04-05 14:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-05 14:34 . 2012-04-05 14:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-05 14:33 . 2012-04-05 14:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-05 14:33 . 2012-04-05 14:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-05 14:33 . 2012-04-05 14:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-05 14:32 . 2012-04-05 14:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-04-05 14:32 . 2012-04-05 14:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-04-05 14:32 . 2012-04-05 14:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-03-30 11:35 . 2012-05-10 09:53 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-06-27_10.26.29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-06-27 10:16 . 2012-06-27 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-27 11:01 . 2012-06-27 11:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-27 11:01 . 2012-06-27 11:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-06-27 10:16 . 2012-06-27 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-06-27 11:05 627066 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-27 11:05 107382 c:\windows\system32\perfc009.dat
    + 2010-11-21 03:27 . 2012-02-23 02:18 279656 c:\windows\system32\MpSigStub.exe
    - 2010-11-21 03:27 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00001YSISyncComplete]
    @="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
    [HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
    2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00002YSISyncActive]
    @="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
    [HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
    2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00003YSISyncError]
    @="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
    [HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
    2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2008-09-04 406944]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    R0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [2011-09-06 143824]
    R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2011-09-06 87120]
    R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe [2012-06-13 288336]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
    R2 ExtremeVSSService;Extreme VSS Service;c:\program files (x86)\SuperFlexible\ExtremeVSS.exe [2011-09-20 3196800]
    R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-06-26 108392]
    R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2011-09-06 201936]
    R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2011-09-06 81488]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
    R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
    R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-02-13 411136]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
    R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
    R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-17 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2011-10-27 182352]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-23 648808]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00001YSISyncComplete]
    @="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
    [HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
    2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00002YSISyncActive]
    @="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
    [HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
    2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00003YSISyncError]
    @="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
    [HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
    2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
    "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
    "CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2008-09-04 406944]
    "cctray"="c:\program files\Total Defense\Internet Security Suite\casc.exe" [2012-06-13 2710608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Qurb {EBA5BE5C}"="" [BU]
    "ccube_Uninstall_Lock"="c:\programdata\CA\cacu_001.exe" [2012-06-13 2578512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    LSP: c:\windows\system32\VetRedir.dll
    TCP: DhcpNameServer = 10.1.1.1
    DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ic0x622m.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-27 19:19:09
    ComboFix-quarantined-files.txt 2012-06-27 11:19
    ComboFix2.txt 2012-06-27 10:44
    ComboFix3.txt 2012-06-27 10:27
    ComboFix4.txt 2012-06-24 06:13
    ComboFix5.txt 2012-06-27 11:12
    .
    Pre-Run: 1,007,441,186,816 bytes free
    Post-Run: 1,007,133,855,744 bytes free
    .
    - - End Of File - - 3B75A9BB57DCD61CA608191F09512065
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I don't see anything malicious there.
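The verdict above comes from reading the service and driver lists by hand. As an added example (not from this thread, and not part of ComboFix, FRST or any vendor tool), the script below does the mechanical part of that pass: it parses the `R2 Name;Display;path [date size]` lines of the ComboFix log posted above and the `3 Name; path [size date] (Publisher)` lines of the FRST log further down, and flags the three things a reviewer checks first: a path marked `[x]` (binary not found on disk), an empty publisher `()` in FRST output, and a binary living under a user-writable directory. A flag is a prompt to verify the entry by hand, not a verdict; the sample lines taken from the thread's logs were judged clean, and the `ExampleSvc` line is constructed purely to exercise the user-writable check.

```python
"""Triage helper for ComboFix and FRST service/driver listings.

Added example for this thread; not part of ComboFix, FRST or any vendor tool.
It pulls service and driver lines out of a pasted log in either format and
flags the entries a reviewer checks by hand first.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# ComboFix:  R2 Name;Display Name;c:\path\file.exe [2012-06-13 288336]
COMBOFIX_RE = re.compile(r"^[RS](?P<start>[0-4])\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
# FRST:      3 Name; C:\path\file.exe [288336 2012-06-13] (Publisher)
FRST_RE = re.compile(r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")
# Shared tail: <path and args> [meta] (publisher)?  -- meta is "x" when the file is missing.
# The publisher group is greedy so nested parentheses such as "(Windows (R) ...)" survive.
TAIL_RE = re.compile(r"^(?P<pre>.*?)\s*\[(?P<meta>[^\]]*)\](?:\s*\((?P<pub>.*)\))?\s*$")
# Directories an unprivileged user can write to; a service binary has no business there.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp|users\\public)\\|%appdata%", re.I)


@dataclass
class Entry:
    source: str                # "combofix" or "frst"
    name: str                  # service/driver key name
    start: int                 # start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    path: str                  # image path with quotes and arguments stripped
    missing: bool              # True when the log shows [x] (file not found on disk)
    publisher: Optional[str]   # FRST's "(Publisher)" text; None for ComboFix lines
    flags: List[str] = field(default_factory=list)


def _path_of(pre: str) -> str:
    # '"C:\dir with spaces\svc.exe" --start-service'  ->  'C:\dir with spaces\svc.exe'
    pre = pre.strip()
    if pre.startswith('"'):
        end = pre.find('"', 1)
        if end > 0:
            return pre[1:end]
    return pre


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line in either format; None for any other line."""
    line = line.strip()
    source, m = "combofix", COMBOFIX_RE.match(line)
    if m is None:
        source, m = "frst", FRST_RE.match(line)
    if m is None:
        return None
    tail = TAIL_RE.match(m.group("rest"))
    if tail is None:
        return None
    pub = tail.group("pub")
    entry = Entry(
        source=source,
        name=m.group("name").strip(),
        start=int(m.group("start")),
        path=_path_of(tail.group("pre")),
        missing=tail.group("meta").strip().lower() == "x",
        publisher=pub.strip() if pub is not None else None,
    )
    if entry.missing:
        entry.flags.append("file missing")
    elif source == "frst" and entry.publisher == "":
        entry.flags.append("no publisher")   # ComboFix lines carry no publisher, so only FRST is judged
    if USER_WRITABLE.search(entry.path):
        entry.flags.append("user-writable path")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Every parsable service/driver line in a pasted log; other lines are ignored."""
    return [e for e in (parse_line(raw) for raw in log_text.splitlines()) if e is not None]


def flagged(log_text: str) -> Dict[str, List[str]]:
    """'source:name' -> flags, only for entries that have at least one flag."""
    return {f"{e.source}:{e.name}": e.flags for e in triage(log_text) if e.flags}


# Sample input: lines copied from the ComboFix and FRST logs in this thread,
# plus one constructed line (ExampleSvc) to exercise the user-writable check.
SAMPLE_LOG = r"""
R0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [2011-09-06 143824]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
R3 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]
3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
3 WinSvchostManagerSrv; C:\Windows\SysWOW64\cfgmig32.exe [263504 2011-07-01] ()
2 PCPitstop Scheduling; C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [x]
3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [55336 2010-10-26] (Windows (R) Win 7 DDK provider)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2 ExampleSvc; C:\Users\User\AppData\Roaming\updater\updater.exe [12345 2012-06-01] ()
"""

if __name__ == "__main__":
    for key, flags in flagged(SAMPLE_LOG).items():
        print(f"{key:40s} {', '.join(flags)}")
```

Running it over the sample prints the FRST `WinSvchostManagerSrv` entry (no publisher string in the binary), both `PCPitstop Scheduling` entries and `catchme` (file missing), and the constructed `ExampleSvc`. Note that the same `cfgmig32.exe` service is silent in ComboFix output and flagged in FRST output only because FRST prints the publisher; that is why a reviewer asks for both logs. Every hit still needs a human look, and "no publisher" on its own means unsigned or unversioned, not malicious.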
     
  14. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Yay! That is a relief, I am so GLAD!! Thank you :) ... Why is it coming up with the blue screen of death at startup? KmxART.sys. I have searched for this file but there is nothing on the machine. The only change was to retry and reinstall CA, so I have tried to uninstall it with no success. Any thoughts on why the blue screen?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    That file seems to be a part of some CA product.
    I can see CA PC Tune-Up 3.0.0.2 installed.


    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to know location.
    You must select Text from drop-down menu as a file type:


    Attach the file to your next reply.
     
  16. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Okay, got it to run in safe mode. Here it is. BTW, the machine says it will connect to the internet... I can see Google and search, but if I try anything else it just gives an error, e.g. the MalwareBytes update says (0,0,Net exception). Don't know if it's important, but I am unable to get any antivirus on the machine, so am a bit nervous about our friendly virus friends attacking again.....
     

    Attached Files:

  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    For 32-bit (x86) systems, download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  18. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Okay, here it is..... BTW, would running Farbar be a good idea on the other machine that won't connect to the internet... the one that says 'failed to connect to systems event manager', 'the dependency group failed to start', 'windows could not automatically detect this network's proxy setting'??? Okay, so I am probably pushing a friendship here .....:)






    Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
    Ran by SYSTEM at 02-07-2012 19:14:22
    Running from G:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6468712 2012-03-19] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT [1158248 2012-03-08] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT [1158248 2012-03-08] (Realtek Semiconductor)
    HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-09-04] (CANON INC.)
    HKLM\...\Run: [cctray] "C:\Program Files\Total Defense\Internet Security Suite\casc.exe" [2710608 2012-06-13] (Total Defense, Inc.)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKU\User\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-09-04] (CANON INC.)
    HKLM\...\Runonce: [Qurb {EBA5BE5C}] [x]
    HKLM\...\RunOnce: [ccube_Uninstall_Lock] "C:\ProgramData\CA\cacu_001.exe" /cleanup /RunOnce [2578512 2012-06-13] (Total Defense, Inc.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-03] (Malwarebytes Corporation)
    Winlogon\Notify\PFW:
    Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
    AppInit_DLLs: C:\Windows\System32\UmxSbxExA64.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    ==================== Services (Whitelisted) ======
    3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations)
    3 CaCCProvSP; "C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe" [365136 2012-06-13] (Total Defense, Inc.)
    2 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [288336 2012-06-13] (Total Defense, Inc.)
    2 DTSAudioService; "C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe" [210024 2011-05-30] (DTS)
    2 ExtremeVSSService; C:\Program Files (x86)\SuperFlexible\ExtremeVSS.exe [3196800 2011-09-20] (Super Flexible Software Ltd. & Co. KG)
    2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108392 2012-06-26] (SurfRight B.V.)
    2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
    2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
    2 UmxEngine; "C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe" [920656 2011-04-03] (CA)
    3 WinSvchostManagerSrv; C:\Windows\SysWOW64\cfgmig32.exe [263504 2011-07-01] ()
    2 PCPitstop Scheduling; C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [x]
    ========================== Drivers (Whitelisted) =============
    3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [38248 2010-10-26] (Atheros)
    3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [55336 2010-10-26] (Windows (R) Win 7 DDK provider)
    3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [301680 2010-10-26] (Atheros)
    3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [31080 2010-10-26] (Atheros)
    3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [203624 2010-10-26] (Atheros)
    3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [58992 2010-10-26] (Atheros)
    3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [156520 2010-10-26] (Atheros)
    3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279152 2010-10-26] (Atheros)
    3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [411136 2009-02-13] (Conexant Systems, Inc.)
    0 KmxAMRT; C:\Windows\System32\Drivers\KmxAMRT.sys [182352 2011-10-27] (Total Defense)
    2 KmxCF; C:\Windows\System32\Drivers\KmxCF.sys [201936 2011-09-06] (CA)
    1 KmxFile; C:\Windows\System32\Drivers\KmxFile.sys [87120 2011-09-06] (CA)
    0 KmxFw; C:\Windows\System32\Drivers\KmxFw.sys [143824 2011-09-06] (CA)
    2 KmxSbx; C:\Windows\System32\Drivers\KmxSbx.sys [81488 2011-09-06] (CA)
    0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [297000 2010-08-27] (Marvell Semiconductor, Inc.)
    3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
    3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-27 03:19 - 2012-06-27 03:19 - 00027639 ____A C:\ComboFix.txt
    2012-06-27 03:02 - 2012-07-01 02:11 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-27 03:02 - 2012-04-03 23:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-27 02:51 - 2012-06-27 02:54 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2012
    2012-06-26 22:01 - 2012-06-26 22:01 - 02524176 ____A () C:\Windows\System32\winsflt.dll
    2012-06-26 22:01 - 2012-06-26 22:01 - 01744912 ____A () C:\Windows\SysWOW64\winsflt.dll
    2012-06-26 22:01 - 2011-06-28 22:23 - 00289296 ____A C:\Windows\SysWOW64\winsfinst_x64.exe
    2012-06-26 21:46 - 2012-06-26 21:46 - 00000000 ____D C:\Program Files\Total Defense
    2012-06-26 21:38 - 2012-06-26 21:45 - 180769088 ____A (Total Defense, Inc.) C:\Users\User\Downloads\issdm_td_en.exe
    2012-06-26 21:19 - 2012-06-26 21:25 - 156720112 ____A (CA, inc) C:\Users\User\Desktop\issdm_ca_en2.exe
    2012-06-23 23:32 - 2012-06-23 23:07 - 02322184 ____A (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
    2012-06-23 22:03 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-23 22:03 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-23 22:03 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-23 22:03 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-23 22:02 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-23 22:02 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-23 22:02 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-23 22:02 - 2012-06-01 23:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-23 22:02 - 2012-06-01 23:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-22 23:16 - 2012-06-22 23:17 - 00001136 ____A C:\Users\User\Desktop\Super Flexible File Synchronizer.lnk
    2012-06-22 22:12 - 2012-06-22 22:12 - 00001139 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-22 22:12 - 2012-06-22 22:12 - 00000000 ____D C:\Users\User\AppData\Local\Mozilla
    2012-06-22 22:12 - 2012-06-22 22:12 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-22 22:12 - 2012-06-22 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-22 22:12 - 2012-06-22 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-19 22:20 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-06-19 22:20 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-06-19 22:20 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-06-19 22:20 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-06-19 22:20 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-06-19 22:20 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-06-19 22:20 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-06-19 22:20 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-06-19 21:33 - 2012-06-19 21:16 - 10142944 ____A (OPSWAT, Inc.) C:\Users\User\Desktop\AppRemover.exe
    2012-06-19 21:06 - 2012-06-27 03:19 - 00000000 ____D C:\Qoobox
    2012-06-19 21:05 - 2012-06-27 03:09 - 00000000 ____D C:\Users\User\Desktop\broni-north
    2012-06-18 19:04 - 2012-06-18 19:04 - 00302592 ____A C:\Users\User\Desktop\gcp548hq.exe.3nwfd2c.partial
    2012-06-18 18:42 - 2012-06-18 22:02 - 00000000 ____D C:\Users\User\Desktop\northlog
    2012-06-18 06:10 - 2012-06-18 06:10 - 00000000 ____D C:\Users\Public\EmailTransfer
    2012-06-15 05:11 - 2012-03-27 03:16 - 00272629 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
    2012-06-15 05:11 - 2012-03-27 01:03 - 04015592 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
    2012-06-15 05:11 - 2012-03-20 23:55 - 02886656 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
    2012-06-15 05:11 - 2012-03-19 18:47 - 03608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
    2012-06-15 05:11 - 2012-03-19 03:01 - 00102504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
    2012-06-15 05:11 - 2012-03-16 00:25 - 02670696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
    2012-06-15 05:11 - 2012-03-12 19:21 - 01251432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
    2012-06-15 05:11 - 2012-03-07 19:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
    2012-06-15 05:11 - 2012-03-07 19:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
    2012-06-15 05:11 - 2012-03-06 19:09 - 00824424 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
    2012-06-15 05:11 - 2012-02-21 03:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
    2012-06-15 05:11 - 2012-02-20 22:26 - 02528832 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
    2012-06-15 05:11 - 2012-02-16 23:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
    2012-06-15 05:11 - 2012-02-13 08:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
    2012-06-15 05:11 - 2012-02-13 06:35 - 00978776 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
    2012-06-15 05:11 - 2012-01-29 19:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
    2012-06-15 05:11 - 2012-01-23 06:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
    2012-06-15 05:11 - 2012-01-23 06:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
    2012-06-15 05:11 - 2012-01-23 06:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
    2012-06-15 05:11 - 2012-01-09 18:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
    2012-06-15 05:11 - 2011-12-19 23:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
    2012-06-15 05:11 - 2011-12-19 13:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
    2012-06-15 05:11 - 2011-12-18 01:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
    2012-06-15 05:11 - 2011-12-18 01:58 - 01247576 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
    2012-06-15 05:11 - 2011-12-14 21:16 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
    2012-06-15 05:11 - 2011-12-14 21:16 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
    2012-06-15 05:11 - 2011-12-14 21:16 - 00137056 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
    2012-06-15 05:11 - 2011-12-14 21:16 - 00120160 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
    2012-06-15 05:11 - 2011-12-14 21:16 - 00075104 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
    2012-06-14 19:42 - 2012-06-26 21:17 - 00000992 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-14 19:42 - 2012-06-14 19:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-14 01:42 - 2012-06-14 01:42 - 00022016 ____A C:\Users\User\Downloads\TRS - 24 04 12 - 26 04 12.xls
    2012-06-14 01:15 - 2012-06-14 01:15 - 00000000 ____D C:\Users\User\AppData\Local\Secunia PSI
    2012-06-14 01:15 - 2012-06-14 01:15 - 00000000 ____D C:\Program Files (x86)\Secunia
    2012-06-13 23:39 - 2012-06-13 23:39 - 00000000 ____D C:\Program Files\WOT
    2012-06-13 23:39 - 2012-06-13 23:39 - 00000000 ____D C:\Program Files (x86)\WOT
    2012-06-13 23:35 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-13 23:35 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-06-13 18:37 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 18:37 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 18:37 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 18:37 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 18:37 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 18:37 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 18:37 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 18:37 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 18:37 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 18:37 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 18:37 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 18:37 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 18:37 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 18:37 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 18:37 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 18:37 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 18:37 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 18:37 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 18:37 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 18:37 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 18:37 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 18:37 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 18:37 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 18:37 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 18:37 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 18:37 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 18:37 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 18:37 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 07:27 - 2012-06-13 07:27 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-06-13 07:20 - 2012-06-14 04:01 - 00446464 ____A (OldTimer Tools) C:\Users\User\Desktop\TFC.exe
    2012-06-13 07:08 - 2012-06-13 07:08 - 00000000 ____D C:\Users\User\Desktop\JavaRa-1.16-16-12-11
    2012-06-13 07:08 - 2012-06-13 06:59 - 00160639 ____A C:\Users\User\Desktop\JavaRa-1.16-16-12-11.zip
    2012-06-13 07:03 - 2012-06-13 07:03 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-13 07:01 - 2012-05-04 03:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-06-13 07:01 - 2012-05-04 03:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-06-13 06:54 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 06:54 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 06:54 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 06:54 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 06:54 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 06:54 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 06:54 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 06:53 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 06:53 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 06:53 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 06:53 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 06:53 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 06:53 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 06:53 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 06:53 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 06:53 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 06:53 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 10:40 - 2012-06-27 02:36 - 00000000 ____D C:\Windows\ERDNT
    2012-06-10 19:42 - 2012-06-11 01:43 - 04731392 ____A (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
    2012-06-10 19:41 - 2012-06-10 19:41 - 00008070 ____A C:\Users\User\Desktop\bookkit.txt
    2012-06-10 19:36 - 2012-06-10 19:33 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip
    2012-06-10 19:34 - 2012-06-10 19:34 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip.02iy8t2.partial
    2012-06-10 19:33 - 2012-06-10 19:33 - 00044607 ____A C:\Users\User\Downloads\bootkit_remover.zip
    2012-06-10 19:32 - 2012-06-10 19:32 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip.xv05p77.partial
    2012-06-10 18:34 - 2012-06-10 18:37 - 00000000 ____D C:\Users\User\Desktop\CA probelms
    2012-06-10 10:34 - 2012-06-22 22:10 - 00000000 ____D C:\Program Files\HitmanPro
    2012-06-10 10:34 - 2012-06-10 10:34 - 00001902 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-06-10 10:12 - 2012-06-10 10:12 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
    2012-06-10 10:00 - 2012-06-11 23:21 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-06-10 09:13 - 2012-06-10 09:13 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
    2012-06-10 09:13 - 2012-06-10 09:13 - 00000000 ____D C:\Program Files\Prevx
    2012-06-10 09:12 - 2012-06-11 01:32 - 00000000 ____D C:\Users\All Users\PrevxCSI
    2012-06-10 09:12 - 2012-06-10 09:13 - 00000049 ____A C:\Windows\wininit.ini
    2012-06-10 09:12 - 2012-02-22 18:18 - 00237072 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MpSigStub.exe
    2012-06-10 08:43 - 2012-06-27 03:09 - 00002243 ____A C:\Windows\epplauncher.mif
    2012-06-08 03:05 - 2012-07-01 02:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-08 03:05 - 2012-06-08 03:05 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
    2012-06-08 03:05 - 2012-06-08 03:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-08 03:03 - 2012-06-11 01:23 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-06-08 03:02 - 2012-06-26 03:57 - 00749796 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-08 02:48 - 2012-06-08 02:48 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-08 02:20 - 2012-06-08 02:26 - 00000000 ____D C:\Users\All Users\B7E858A7000083BB00006F7BB4EB2331
    2012-06-04 19:07 - 2012-06-04 19:07 - 00001286 ____A C:\Users\User\Desktop\MyPublisher.lnk
    2012-06-04 19:06 - 2012-06-04 19:06 - 00000000 ____D C:\Users\User\AppData\Roaming\MyPublisher
    2012-06-04 19:06 - 2012-06-04 19:06 - 00000000 ____D C:\Program Files (x86)\MyPublisher

    ============ 3 Months Modified Files ========================
    2012-07-01 02:11 - 2012-06-27 03:02 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-30 18:47 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-30 18:43 - 2010-11-20 19:47 - 00156966 ____A C:\Windows\PFRO.log
    2012-06-27 03:19 - 2012-06-27 03:19 - 00027639 ____A C:\ComboFix.txt
    2012-06-27 03:17 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-06-27 03:09 - 2012-06-10 08:43 - 00002243 ____A C:\Windows\epplauncher.mif
    2012-06-27 03:05 - 2011-08-04 19:07 - 02024441 ____A C:\Windows\WindowsUpdate.log
    2012-06-27 02:37 - 2009-07-13 18:34 - 75497472 ____A C:\Windows\System32\config\software.bak
    2012-06-27 02:37 - 2009-07-13 18:34 - 21495808 ____A C:\Windows\System32\config\system.bak
    2012-06-27 02:37 - 2009-07-13 18:34 - 01048576 ____A C:\Windows\System32\config\default.bak
    2012-06-27 02:37 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
    2012-06-27 02:37 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
    2012-06-26 22:01 - 2012-06-26 22:01 - 02524176 ____A () C:\Windows\System32\winsflt.dll
    2012-06-26 22:01 - 2012-06-26 22:01 - 01744912 ____A () C:\Windows\SysWOW64\winsflt.dll
    2012-06-26 22:01 - 2011-08-17 06:14 - 00015261 ____A C:\Windows\System32\FDInstall.log
    2012-06-26 21:55 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 21:55 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 21:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-26 21:48 - 2009-07-13 20:51 - 00053761 ____A C:\Windows\setupact.log
    2012-06-26 21:45 - 2012-06-26 21:38 - 180769088 ____A (Total Defense, Inc.) C:\Users\User\Downloads\issdm_td_en.exe
    2012-06-26 21:25 - 2012-06-26 21:19 - 156720112 ____A (CA, inc) C:\Users\User\Desktop\issdm_ca_en2.exe
    2012-06-26 21:17 - 2012-06-14 19:42 - 00000992 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-26 03:57 - 2012-06-08 03:02 - 00749796 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-23 23:07 - 2012-06-23 23:32 - 02322184 ____A (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
    2012-06-22 23:17 - 2012-06-22 23:16 - 00001136 ____A C:\Users\User\Desktop\Super Flexible File Synchronizer.lnk
    2012-06-22 22:12 - 2012-06-22 22:12 - 00001139 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-20 03:00 - 2011-08-17 04:55 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-19 21:16 - 2012-06-19 21:33 - 10142944 ____A (OPSWAT, Inc.) C:\Users\User\Desktop\AppRemover.exe
    2012-06-19 06:25 - 2011-08-22 05:54 - 02813473 ____A C:\Windows\System32\Drivers\kmxcfg.u2k0
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000341 ____A C:\Windows\System32\Drivers\kmxzone.u2k0
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k7
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k6
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k5
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k4
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k3
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k2
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k1
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k7
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k6
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k5
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k3
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k2
    2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k1
    2012-06-19 06:25 - 2011-08-18 23:26 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k4
    2012-06-19 06:25 - 2011-08-17 06:26 - 00754164 ____A C:\Windows\System32\Drivers\KmxAgent.asc
    2012-06-18 19:04 - 2012-06-18 19:04 - 00302592 ____A C:\Users\User\Desktop\gcp548hq.exe.3nwfd2c.partial
    2012-06-15 05:11 - 2011-09-04 22:57 - 00004770 ____A C:\Windows\DPINST.LOG
    2012-06-14 04:07 - 2011-09-30 02:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-14 04:01 - 2012-06-13 07:20 - 00446464 ____A (OldTimer Tools) C:\Users\User\Desktop\TFC.exe
    2012-06-14 01:42 - 2012-06-14 01:42 - 00022016 ____A C:\Users\User\Downloads\TRS - 24 04 12 - 26 04 12.xls
    2012-06-13 23:10 - 2009-07-13 20:45 - 04969504 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 07:01 - 2012-02-10 01:57 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-13 07:01 - 2012-02-10 01:57 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-13 06:59 - 2012-06-13 07:08 - 00160639 ____A C:\Users\User\Desktop\JavaRa-1.16-16-12-11.zip
    2012-06-11 10:37 - 2009-07-13 21:08 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-11 01:43 - 2012-06-10 19:42 - 04731392 ____A (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
    2012-06-10 19:41 - 2012-06-10 19:41 - 00008070 ____A C:\Users\User\Desktop\bookkit.txt
    2012-06-10 19:34 - 2012-06-10 19:34 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip.02iy8t2.partial
    2012-06-10 19:33 - 2012-06-10 19:36 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip
    2012-06-10 19:33 - 2012-06-10 19:33 - 00044607 ____A C:\Users\User\Downloads\bootkit_remover.zip
    2012-06-10 19:32 - 2012-06-10 19:32 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip.xv05p77.partial
    2012-06-10 10:34 - 2012-06-10 10:34 - 00001902 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-06-10 10:12 - 2012-06-10 10:12 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
    2012-06-10 09:13 - 2012-06-10 09:13 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
    2012-06-10 09:13 - 2012-06-10 09:12 - 00000049 ____A C:\Windows\wininit.ini
    2012-06-04 19:07 - 2012-06-04 19:07 - 00001286 ____A C:\Users\User\Desktop\MyPublisher.lnk
    2012-06-03 21:50 - 2011-08-22 06:55 - 00001015 ____A C:\Users\User\Desktop\Dropbox.lnk
    2012-06-02 14:19 - 2012-06-23 22:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-23 22:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-23 22:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-23 22:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-23 22:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-23 22:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-23 22:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-01 23:19 - 2012-06-23 22:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 23:15 - 2012-06-23 22:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 01:08 - 2012-06-01 01:08 - 18651832 ____A (Experience In Software ) C:\Users\User\Downloads\PKS4Setup.exe
    2012-05-21 07:06 - 2011-08-15 22:16 - 00109800 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-17 18:47 - 2012-06-13 18:37 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 18:37 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 18:37 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 18:37 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 18:37 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 18:37 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 18:37 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 18:37 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 18:37 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 18:37 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 18:37 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 18:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 18:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 18:37 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 18:37 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 18:37 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 18:37 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 18:37 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 18:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 18:37 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 18:37 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 18:37 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 18:37 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 18:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 18:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 18:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 18:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 18:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-16 18:50 - 2012-05-16 18:50 - 00001276 ____A C:\Users\User\Desktop\aaaREPORT Literature - Shortcut.lnk
    2012-05-14 17:32 - 2012-06-13 06:53 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-05 02:39 - 2012-05-05 02:39 - 00013824 ____A C:\Users\Public\AmercianExpree.xls
    2012-05-05 01:51 - 2012-04-13 19:35 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-04 03:29 - 2012-06-13 07:01 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-05-04 03:29 - 2012-06-13 07:01 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 03:29 - 2011-09-14 04:05 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 03:06 - 2012-06-13 06:54 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-13 23:35 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-13 06:54 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 06:54 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-13 23:35 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-04-30 21:40 - 2012-06-13 06:54 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-13 06:53 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-13 06:54 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 06:54 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 06:54 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-13 06:53 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 06:53 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 06:53 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 06:53 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 06:53 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 06:53 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-21 20:20 - 2011-09-18 06:32 - 00231424 __ASH C:\Users\User\Documents\Thumbs.db
    2012-04-18 04:56 - 2012-04-18 04:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 04:56 - 2012-04-18 04:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-17 20:43 - 2012-04-17 20:43 - 00001364 ____A C:\Users\User\Documents\Bibliography UWA+research files - Shortcut.lnk
    2012-04-16 01:53 - 2011-08-22 06:22 - 00002031 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-04-14 21:22 - 2012-04-14 21:22 - 00001276 ____A C:\Users\User\Documents\REPORT Literature - Shortcut.lnk
    2012-04-11 02:09 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
    2012-04-07 04:31 - 2012-06-13 06:53 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-13 06:53 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
    2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-04-05 18:21 - 2011-12-23 06:21 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-04-05 18:20 - 2012-04-05 18:20 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-04-05 18:13 - 2011-12-23 06:21 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-04-05 18:00 - 2011-08-04 22:37 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
    2012-04-05 17:54 - 2012-04-05 17:54 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
    2012-04-05 17:34 - 2012-04-05 17:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2012-04-05 17:34 - 2011-12-23 06:21 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
    2012-04-05 17:29 - 2012-04-05 17:29 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
    2012-04-05 17:29 - 2012-04-05 17:29 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
    2012-04-05 17:29 - 2012-04-05 17:29 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
    2012-04-05 17:29 - 2012-04-05 17:29 - 00157144 ____A C:\Windows\System32\ativvsva.dat
    2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-04-05 17:23 - 2012-04-05 17:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-04-05 17:22 - 2011-12-23 06:21 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-04-05 17:09 - 2011-12-23 06:21 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-04-05 17:09 - 2011-12-23 06:21 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-04-05 17:09 - 2011-04-19 09:21 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-04-05 17:09 - 2011-04-05 05:20 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-04-05 06:34 - 2012-04-05 06:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-04-05 06:34 - 2012-04-05 06:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-04-05 06:34 - 2012-04-05 06:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-04-05 06:33 - 2012-04-05 06:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-04-05 06:33 - 2012-04-05 06:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-04-05 06:33 - 2012-04-05 06:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-04-05 06:32 - 2012-04-05 06:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-04-05 06:32 - 2012-04-05 06:32 - 00054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-04-05 06:32 - 2012-04-05 06:32 - 00050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    ZeroAccess:
    C:\Users\User\AppData\Local\{e6128d5b-2e23-ec19-2331-6b5dd6497188}
    C:\Users\User\AppData\Local\{e6128d5b-2e23-ec19-2331-6b5dd6497188}\L
    C:\Users\User\AppData\Local\{e6128d5b-2e23-ec19-2331-6b5dd6497188}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 12%
    Total physical RAM: 6120.84 MB
    Available physical RAM: 5381.05 MB
    Total Pagefile: 6119.04 MB
    Available Pagefile: 5366.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (NORTH) (Fixed) (Total:1863.02 GB) (Free:937.95 GB) NTFS
    2 Drive e: (NORTH_E_NHP+DPC_Asstd) (Fixed) (Total:931.41 GB) (Free:795.05 GB) NTFS
    4 Drive g: (REDBOW_4GB) (Removable) (Total:3.73 GB) (Free:2.06 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online         931 GB   1024 KB
    Disk 1    Online         1863 GB  0 B
    Disk 2    Online         3828 MB  0 B
    Partitions of Disk 0:
    ===============
    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           100 MB   1024 KB
    Partition 2    Primary           931 GB   101 MB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1    Y    System Rese  NTFS   Partition   100 MB   Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2    E    NORTH_E_NHP  NTFS   Partition   931 GB   Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           1863 GB  1024 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3    C    NORTH        NTFS   Partition   1863 GB  Healthy
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           3824 MB  4032 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4    G    REDBOW_4GB   FAT32  Removable   3824 MB  Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-06-18 11:00
    ======================= End Of Log ==========================
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    The Farbar tool is not designed for fixing an internet connection.
    Also, one computer per topic.

    I don't see KmxART.sys being present but I definitely see some items from CA Total Defense.

    Try Revo Uninstaller to uninstall it and then reinstall.

    Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

    Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
    • Please download and install Revo Uninstaller Free.
    • Double-click Revo Uninstaller to run it.
    • From the list of programs, double-click on the program you want to remove.
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check the items in bold only on the list, then click Delete. You may have to expand some folders by clicking the "+" mark.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then Next.
    • Once done, click Finish.
     
  20. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Broni, yep, thought you might say that about Farbar.... thanks for being so courteous about the request. I suppose I should try that in the Windows forum??

    Re the Revo can I run this from safe mode?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes.

    Why do you want to run Revo in safe mode?
     
  22. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Well, previously I could only start that machine in safe mode because the .sys file kept coming up on the blue screen of death. I guess I'm a bit nervous about it.... if you think it's okay, I'll go ahead with a normal start after you let me know if it is okay.....
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    If normal mode will give you fits run the tool from safe mode.
     
  24. pot1234Dreadlox

    pot1234Dreadlox TS Enthusiast Topic Starter Posts: 106

    Didn't even get to safe mode. Blue screen.... I'll try again.... Okay this time, but not showing Total Defense or CA..... mmmm?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Revo doesn't list CA?

    What happens when you start in normal mode?
     
